Two-dimensional code is being more and more widely used. However, at the same time of bringing convenience to people, hidden security risks also gradually arise for the two-dimensional code. For example, incidents such as stealing of cell-phone balance occur from time to time after the two-dimensional code is scanned by the cell-phone
Chinese invention patent publication No. CN102243714B discloses a two-dimensional code encrypting system, in which a user terminal device represents a user ID by a first area of a two-dimensional code and represents a user password by a second area of the two-dimensional code; a client computer receives and decodes by the two-dimensional code sent by the user terminal device so as to obtain the ID and the password corresponding to the two-dimensional code, and sends the decoded ID and the password to a management server; the management server verifies whether the received ID and password are consistent with the data stored in a user database, and sends the verification result to the client computer; and the client computer receives the verification result sent by the management server. Although the user ID and the user password are added in the designated areas of the two-dimensional code, the attacker can regenerate or modify the data by intercepting the target two-dimensional code image and reserving the areas where the user ID and password are located, so that the user ID and the password keep the same as the original image. In this situation, the server cannot identify the true from the false, and thus the security attack cannot be tackled.
Chinese invention patent publication No. CN103401679B discloses a two-dimensional code encrypting and decoding method, in which the two-dimensional code is encrypted and decoded in a way of symmetric encryption, one two-dimensional code corresponds to one identification; a ciphertext is formed by adding an identification in front of or behind the encrypted original information, and the ciphertext is used to generate a two-dimensional code; the two-dimensional code can be generated only after the original information is encrypted. The two-dimensional code is scanned to obtain the ciphertext composed of the identification and the encrypted original information. There is no protection measure for the encrypting mode database. Once the encrypting mode database is leaked, it can be easily attacked by the attacker.